Secure Hardware Kernels Execution in CPU+FPGA Heterogeneous Cloud

Authors: Festus Hategekimana, Joel Mandebi Mbongue, Md Jubaer Hossain Pantho, Christophe Bobda

DOI: 10.1109/FPT.2018.00035

Keywords: Virtual machine, Software, Computer science, Access control, Computer hardware, Privilege (computing), Overhead (engineering), Cloud computing, Software security assurance, Hypervisor

Abstract: In this paper, we present a new security framework which allows controlled sharing and isolated execution of mutually distrusted FPGA-accelerators in heterogeneous cloud systems. The proposed enables the accelerators running FPGAs computers to transparently inherit at run-time, software policies virtual machines processes calling them. This capability system enforcement mechanism propagate access control privilege boundaries expressed hypervisor level, down individual FPGA-accelerators. Furthermore, software/hardware prototype implementation framework, showing that it can easily be integrated within machine stacks run today's cloud-based Experimentation results show our provides secure hardware with negligible overhead on guest VMs applications.
